Claims 



We claim: 

1. A method for implementing security management in a storage area network including at least one storage resource user, a resource provider, and resources controlled by the resource provider, the method comprising the steps of:

providing notification to the storage resource user that a resource provider is available on the storage area network;

requesting access to the resources by sending identifying indicia from the storage resource user to the resource provider, in response to receiving the notification; and

examining a table of approved entities for the identifying indicia to determine whether any resources are available to the requesting storage resource user;

wherein, if the resources are determined to be available to the storage resource user requesting access to the resources, then allowing the storage resource user to access the resources.

2. The method of claim 1, wherein, if no the resources are determined to be available to the requesting storage resource user, then storing the identifying indicia in a table of not-yet-approved entities.

3. The method of claim 1, wherein the resource provider comprises an RAID controller.

4. The method of claim 3, wherein the table of approved entities is stored in non-volatile memory in the controller.

5. The method of claim 3, wherein a table of not-yet-approved entities comprising a node World Wide Name and a port World Wide Name for a plurality of storage resource users is stored in volatile memory in the controller.

6. The method of claim 1, wherein the resources comprise an array of data storage devices.

7. The method of claim 1, wherein the identifying indicia comprise a node World Wide Name and port World Wide Name.

8. The method of claim 1, further comprising the steps of:

uploading a list of available resources from the resource provider to a management station;

uploading the table of not-yet-approved entities from the resource provider to the management station;

selecting a storage resource user identity from the table of not-yet-approved entities;

selecting, from the list of available resources, resources to be made available to the storage resource user;

sending a list of the resources selected and storage resource user identity to the resource provider;

allocating, to the storage resource user, the resources included in the list; and

presenting, to the storage resource user, the resources allocated in the allocating step.

9. The method of claim 8, further comprising the steps of:

uploading the table of approved entities from the resource provider; and

optionally selecting the storage resource user identity from the table of approved entities instead of from the table of not-yet-approved entities.

10. The method of claim 8, including storing the resources to be made available to the storage resource user in a LUN access map in the table of approved entities.

11. The method of claim 10, wherein each command received from the storage resource user is checked by the controller against the LUN access map for authentication.

12. A method for implementing security management in a storage area network including at least one storage resource user, an data storage RAID controller, and a data storage array coupled to the controller, the method comprising the steps of:

granting access to data storage areas on disks in the storage array to specific storage resource users of the at least one storage resource user;

storing, in a table of approved entities in non-volatile memory in the controller, indicia of data storage areas on disks in the storage array accessible to any storage resource user that has been granted access to data storage areas on disks in the storage array;

storing, in a table of not-yet-approved entities in volatile memory in the controller, indicia of any of the at least one storage resource user that have not been granted access to data storage areas on disks in the storage array;

requesting access to the areas by sending at least the identifying indicia from the storage resource user to the resource provider; and

examining the table of approved entities for the identifying indicia to determine whether any of the data storage areas are available to the requesting storage resource user;

wherein, if the data storage areas are determined to be available to the storage resource user requesting access to the data storage areas, then allowing the storage resource user to access the data storage areas; otherwise, if no the data storage areas are determined to be available to the requesting storage resource user, then storing the identifying indicia in the table of not-yet-approved entities.

13. The method of claim 12, wherein the indicia comprise the node World Wide Name and port World Wide Name for the storage resource user.

14. The method of claim 12, including the step of providing notification to the storage resource user that a resource is available on the storage area network.

15. The method of claim 12, including the steps of:

uploading a list of available data storage areas from the controller to a management station;

uploading the table of not-yet-approved entities from the controller;

selecting the identifying indicia corresponding to a storage resource user, from the table of not-yet-approved entities;

selecting, from the list of available data storage areas, the data storage areas to be made available to the storage resource user;

sending association information to the controller, the association information including a list of the data storage areas to be made available to the storage resource user and the identifying indicia corresponding to a storage resource user; and

allocating, to the storage resource user, the data storage areas included in the association information.

16. The method of claim 12, wherein the data storage areas comprise logical units.

17. The method of claim 16, including storing the data storage areas to be made available to the storage resource user in a LUN access map in the table of approved entities.

18. The method of claim 17, wherein each command received from the storage resource user is checked by the controller against the LUN access map for authentication.

19. A system for implementing security management in a storage area network including at least one storage resource user, a resource provider, and resources controlled by the resource provider, the system comprising:

a first table of approved entities for storing, in memory in the controller, indicia of data storage areas on disks in the storage array and the storage resource user to which the areas are accessible; and

a second table of not-yet-approved entities for storing, in memory in the controller, indicia identifying indicia for storage resource user entities that are presently not allowed access to any resources on the storage area network;

wherein the storage resource user is allowed to access the specific logical units included in the indicia of data storage areas on disks in the storage array, if the indicia in the first table corresponds to identifying indicia provided by the storage resource user.

20. The system of claim 19, wherein the first table includes a LUN access map for storing indicia of specific logical units on the data storage areas, and indicia of the storage resource user to which the specific logical units are accessible.
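
The two-table scheme of claims 1-11 can be followed end to end in a small model; this is an added example, not code from the patent or any controller firmware. The class and method names, the WWN values, the `power_cycle` restart model and the identity check in `allocate` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
Wwn = tuple[str, str]  # (node WWN, port WWN): the identifying indicia of claim 7

@dataclass
class Controller:
    luns: set[int]  # logical units behind the controller
    approved: dict[Wwn, set[int]] = field(default_factory=dict)  # claim 4: non-volatile
    pending: set[Wwn] = field(default_factory=set)  # claim 5: volatile

    def login(self, wwn: Wwn) -> set[int]:
        """Claims 1-2: present the mapped LUNs, or record the unknown identity."""
        lun_map = self.approved.get(wwn)
        if lun_map:
            return set(lun_map)
        self.pending.add(wwn)
        return set()

    def allocate(self, wwn: Wwn, selected: set[int]) -> None:
        """Claims 8-10: apply the association sent by the management station."""
        if not selected <= self.luns:
            raise ValueError("selection includes a LUN this controller lacks")
        if wwn not in self.pending and wwn not in self.approved:  # assumption, not claimed
            raise KeyError("identity not in either table")
        self.approved[wwn] = set(selected)  # the LUN access map for this entity
        self.pending.discard(wwn)

    def check_command(self, wwn: Wwn, lun: int) -> bool:
        """Claim 11: every command is checked against the LUN access map."""
        return lun in self.approved.get(wwn, ())

    def power_cycle(self) -> None:
        self.pending.clear()  # restart: only the volatile table is lost

def demo() -> dict:
    host_a = ("20:00:00:00:c9:00:00:0a", "10:00:00:00:c9:00:00:0a")  # constructed
    host_b = ("20:00:00:00:c9:00:00:0b", "10:00:00:00:c9:00:00:0b")  # constructed
    ctl = Controller(luns={0, 1, 2, 3})
    first = ctl.login(host_a)  # unknown: nothing presented, identity parked
    ctl.login(host_b)
    ctl.allocate(host_a, {0, 2})  # administrator approves host_a only
    ctl.power_cycle()
    return {
        "first_login": first,
        "second_login": ctl.login(host_a),
        "a_lun2": ctl.check_command(host_a, 2),
        "a_lun1": ctl.check_command(host_a, 1),
        "b_lun0": ctl.check_command(host_b, 0),
        "pending": ctl.pending,
    }
```

The check identifies an initiator by the World Wide Names it reports, so it is only as strong as the fabric's assurance that those names are genuine.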